Ejemplo n.º 1
0
    def __call__(self, request):
        response = self.get_response(request)

        if getattr(request, 'axes_locked_out', None):
            response = get_lockout_response(request)  # type: ignore

        return response
Ejemplo n.º 2
0
    def __call__(self, request):
        response = self.get_response(request)

        if settings.AXES_ENABLED:
            if getattr(request, "axes_locked_out", None):
                response = get_lockout_response(request)  # type: ignore

        return response
Ejemplo n.º 3
0
    def process_exception(self, request: AxesHttpRequest, exception):  # pylint: disable=inconsistent-return-statements
        """
        Handle exceptions raised by the Axes signal handler class when requests fail checks.

        Note that only ``AxesSignalPermissionDenied`` is handled by this middleware class.

        :return: Configured ``HttpResponse`` for failed authentication attempts and lockouts.
        """

        if isinstance(exception, AxesSignalPermissionDenied):
            return get_lockout_response(request)
Ejemplo n.º 4
0
    def process_exception(self, request: AxesHttpRequest, exception):  # pylint: disable=inconsistent-return-statements
        """
        Handle exceptions raised by the Axes signal handler class when requests fail checks.

        Note that only ``AxesSignalPermissionDenied`` is handled by this middleware class.

        :return: Configured ``HttpResponse`` for failed authentication attempts and lockouts.
        """

        if isinstance(exception, AxesSignalPermissionDenied):
            return get_lockout_response(request)
Ejemplo n.º 5
0
    def process_exception(self, request: AxesHttpRequest, exception):  # pylint: disable=inconsistent-return-statements
        """
        Exception handler that processes exceptions raised by the axes signal handler when request fails with login.

        Refer to axes.signals.log_user_login_failed for the error code.

        :param request: HTTPRequest that will be locked out.
        :param exception: Exception raised by Django views or signals. Only AxesSignalPermissionDenied will be handled.
        :return: HTTPResponse that indicates the lockout or None.
        """

        if isinstance(exception, AxesSignalPermissionDenied):
            return get_lockout_response(request)
Ejemplo n.º 6
0
    def __call__(self, request):
        response = self.get_response(request)

        if "rest_framework" in settings.INSTALLED_APPS:
            AxesProxyHandler.update_request(request)
            username = get_client_username(request)
            credentials = get_credentials(username)
            failures_since_start = AxesProxyHandler.get_failures(
                request, credentials)
            if (settings.AXES_LOCK_OUT_AT_FAILURE
                    and failures_since_start >= get_failure_limit(
                        request, credentials)):

                request.axes_locked_out = True

        if getattr(request, "axes_locked_out", None):
            response = get_lockout_response(request)  # type: ignore

        return response
Ejemplo n.º 7
0
 def test_get_lockout_response_lockout_template(self, render):
     self.assertFalse(render.called)
     get_lockout_response(request=self.request)
     self.assertTrue(render.called)
Ejemplo n.º 8
0
 def test_get_lockout_response_cool_off(self):
     get_lockout_response(request=self.request)
Ejemplo n.º 9
0
 def test_get_lockout_response_lockout_json(self):
     self.request.is_ajax = lambda: True
     response = get_lockout_response(request=self.request)
     self.assertEqual(type(response), JsonResponse)
Ejemplo n.º 10
0
    def inner(request, *args, **kwargs):
        if AxesProxyHandler.is_allowed(request):
            return func(request, *args, **kwargs)

        return get_lockout_response(request)
Ejemplo n.º 11
0
 def test_get_lockout_response_override_path(self):
     response = get_lockout_response(self.request, self.credentials)
     self.assertEqual(400, response.status_code)
Ejemplo n.º 12
0
 def test_get_lockout_response_lockout_template(self, render):
     self.assertFalse(render.called)
     get_lockout_response(request=self.request)
     self.assertTrue(render.called)
Ejemplo n.º 13
0
 def test_get_lockout_response_cool_off(self):
     get_lockout_response(request=self.request)
Ejemplo n.º 14
0
    def inner(request: AxesHttpRequest, *args, **kwargs):
        if AxesProxyHandler.is_allowed(request):
            return func(request, *args, **kwargs)

        return get_lockout_response(request)
Ejemplo n.º 15
0
    def inner(self, *args, **kwargs):
        if AxesProxyHandler.is_allowed(self.request):
            return func(self, *args, **kwargs)

        return get_lockout_response(self.request)
Ejemplo n.º 16
0
 def test_get_lockout_response_lockout_json(self):
     self.request.META["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
     response = get_lockout_response(request=self.request)
     self.assertEqual(type(response), JsonResponse)
Ejemplo n.º 17
0
 def test_get_lockout_response_lockout_response(self):
     response = get_lockout_response(request=self.request)
     self.assertEqual(type(response), HttpResponse)
Ejemplo n.º 18
0
 def test_get_lockout_response_lockout_json(self):
     self.request.is_ajax = lambda: True
     response = get_lockout_response(request=self.request)
     self.assertEqual(type(response), JsonResponse)
Ejemplo n.º 19
0
 def test_get_lockout_response_override_invalid(self):
     with self.assertRaises(TypeError):
         get_lockout_response(self.request, self.credentials)
Ejemplo n.º 20
0
 def test_get_lockout_response_lockout_response(self):
     response = get_lockout_response(request=self.request)
     self.assertEqual(type(response), HttpResponse)